Revision: 19271
          http://sourceforge.net/p/edk2/code/19271
Author:   shenshushi
Date:     2015-12-15 08:40:55 +0000 (Tue, 15 Dec 2015)
Log Message:
-----------
MdeModulePkg: Add NULL pointer check for RegularExpressionDxe.

Refine code by adding NULL pointer checks to avoid potential NULL pointer 
dereferences.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <[email protected]>
Reviewed-by: Samer El-Haj-Mahmoud <[email protected]>

Modified Paths:
--------------
    
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/enc/unicode.c
    trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c
    trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
    trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c
    trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
    trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/st.c
    
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/enc/unicode.c
===================================================================
--- 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/enc/unicode.c  
    2015-12-15 06:00:10 UTC (rev 19270)
+++ 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/enc/unicode.c  
    2015-12-15 08:40:55 UTC (rev 19271)
@@ -11239,7 +11239,7 @@
     }
     else if ((flag & INTERNAL_ONIGENC_CASE_FOLD_MULTI_CHAR) != 0) {
       OnigCodePoint cs[3][4];
-      int fn, ncs[3];
+      int fn, ncs[3]={0, 0, 0};
 
       for (fn = 0; fn < to->n; fn++) {
        cs[fn][0] = to->code[fn];

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c  
2015-12-15 06:00:10 UTC (rev 19270)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regcomp.c  
2015-12-15 08:40:55 UTC (rev 19271)
@@ -1248,6 +1248,9 @@
 
   case ENCLOSE_STOP_BACKTRACK:
     if (IS_ENCLOSE_STOP_BT_SIMPLE_REPEAT(node)) {
+      if (node->target == NULL) {
+        CHECK_NULL_RETURN_MEMERR(node->target);
+      }
       QtfrNode* qn = NQTFR(node->target);
       tlen = compile_length_tree(qn->target, reg);
       if (tlen < 0) return tlen;
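Review bot: The added `if (node->target == NULL)` wrapper is redundant, because `CHECK_NULL_RETURN_MEMERR(node->target)` already tests its argument (assuming the usual Oniguruma definition of the macro). Placing statements ahead of `QtfrNode* qn = NQTFR(node->target);` also turns that line into a declaration after a statement, which C89-only toolchains reject. Declaring `QtfrNode* qn;` at the top of the block and then writing `CHECK_NULL_RETURN_MEMERR(node->target); qn = NQTFR(node->target);` keeps the check without either issue. A NULL target here looks like a malformed tree rather than an allocation failure, so a short comment on why a memory error is reported would help. The enclosing switch starts and ends outside the hunk.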
@@ -3263,6 +3266,7 @@
   int r, i, j, len, varlen;
   Node *anode, *var_anode, *snode, *xnode, *an;
   UChar buf[ONIGENC_CODE_TO_MBC_MAXLEN];
+  xnode = NULL_NODE;
 
   *rnode = var_anode = NULL_NODE;
 
@@ -3317,7 +3321,7 @@
     }
 
     if (items[i].byte_len != slen) {
-      Node *rem;
+      Node *rem = NULL_NODE;
       UChar *q = p + items[i].byte_len;
 
       if (q < end) {
@@ -3346,6 +3350,12 @@
         NCAR(an) = snode;
       }
 
+      if (var_anode == NULL) {
+        onig_node_free(an);
+        onig_node_free(xnode);
+        onig_node_free(rem);
+        goto mem_err2;
+      }
       NCDR(var_anode) = an;
       var_anode = an;
     }
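Review bot: The new cleanup path frees `an`, `xnode` and `rem` separately, but `an` already references a child by this point: `NCAR(an) = snode` is visible just above, and the other branch, outside the hunk, presumably attaches `xnode`, which in turn holds `rem`. If `onig_node_free` releases child nodes, the same nodes are freed more than once. `xnode` is also reset only once at the top of the function (hunk at -3263), so on a later loop iteration it may still point at a node owned by an earlier alternative. Freeing only the top-level owner looks safer, e.g. `if (var_anode == NULL) { onig_node_free(an); goto mem_err2; }`, after confirming what `mem_err2` itself frees. The loop body and the `mem_err2` label are outside the hunk.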
@@ -5304,7 +5314,7 @@
 #endif
 
   r = onig_parse_make_tree(&root, pattern, pattern_end, reg, &scan_env);
-  if (r != 0) goto err;
+  if (r != 0 || root == NULL) goto err;
 
 #ifdef USE_NAMED_GROUP
   /* mixed use named group and no-named group */
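Review bot: When `onig_parse_make_tree` returns 0 but leaves `root` NULL, the new condition jumps to `err` with `r` still 0. Unless the `err` path (outside the hunk) sets an error code itself, the caller may be told the compile succeeded for a pattern that was never built. Assigning an explicit code first avoids that: `if (r == 0 && root == NULL) r = ONIGERR_MEMORY;` followed by the original `if (r != 0) goto err;`.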

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c 
2015-12-15 06:00:10 UTC (rev 19270)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c 
2015-12-15 08:40:55 UTC (rev 19271)
@@ -308,6 +308,10 @@
 
   default:
     q = onig_error_code_to_format(code);
+    if (q == NULL) {
+      len = 0;
+      break;
+    }
     len = onigenc_str_bytelen_null(ONIG_ENCODING_ASCII, q);
     xmemcpy(s, q, len);
     s[len] = '\0';
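Review bot: On the new `q == NULL` path the `break` skips `s[len] = '\0';`, so the output buffer `s` is left unterminated while `len` is set to 0. A caller that treats `s` as a string regardless of the length it gets back would read whatever the buffer held before the call. Adding `s[0] = '\0';` before the `break` keeps the buffer and the length consistent. The rest of the switch and the function's return are outside the hunk.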

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c  
2015-12-15 06:00:10 UTC (rev 19270)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regexec.c  
2015-12-15 08:40:55 UTC (rev 19271)
@@ -243,7 +243,9 @@
   OnigRegion* r;
 
   r = (OnigRegion* )xmalloc(sizeof(OnigRegion));
-  onig_region_init(r);
+  if (r != NULL) {
+    onig_region_init(r);
+  }
   return r;
 }
 
@@ -284,6 +286,10 @@
     to->allocated = from->num_regs;
   }
 
+  if (to->beg == NULL || to->end == NULL) {
+    return;
+  }
+
   for (i = 0; i < from->num_regs; i++) {
     to->beg[i] = from->beg[i];
     to->end[i] = from->end[i];
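Review bot: The early `return` leaves `to` in an inconsistent state: the context line above has already set `to->allocated = from->num_regs` while `to->beg` or `to->end` is NULL, and because the function returns no value the caller cannot tell that the copy failed. A later call may then see a non-zero `allocated`, skip allocation and index the NULL arrays. Consider releasing whichever buffer was obtained and resetting the counters before returning, e.g. `to->allocated = 0; to->num_regs = 0;`, and adding a comment that a failed copy yields an empty region. The allocation code and the start of the function are outside the hunk.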

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c 
2015-12-15 06:00:10 UTC (rev 19270)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regparse.c 
2015-12-15 08:40:55 UTC (rev 19271)
@@ -380,6 +380,7 @@
   int result;
 
   key = (st_str_end_key* )xmalloc(sizeof(st_str_end_key));
+  CHECK_NULL_RETURN_MEMERR(key);
   key->s   = (UChar* )str_key;
   key->end = (UChar* )end_key;
   result = onig_st_insert(table, (st_data_t )(UINTN)key, value);
@@ -732,6 +733,7 @@
 #ifdef USE_ST_LIBRARY
     if (IS_NULL(t)) {
       t = onig_st_init_strend_table_with_size(5);
+      CHECK_NULL_RETURN_MEMERR(t);
       reg->name_table = (void* )t;
     }
     e = (NameEntry* )xmalloc(sizeof(NameEntry));
@@ -964,6 +966,8 @@
       if (IS_NULL(env->mem_nodes_dynamic)) {
        alloc = INIT_SCANENV_MEMNODES_ALLOC_SIZE;
        p = (Node** )xmalloc(sizeof(Node*) * alloc);
+    CHECK_NULL_RETURN_MEMERR(p);
+  
        xmemcpy(p, env->mem_nodes_static,
                sizeof(Node*) * SCANENV_MEMNODES_SIZE);
       }
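Review bot: The added `CHECK_NULL_RETURN_MEMERR(p);` is indented four spaces inside a block whose other statements sit deeper, and the blank line after it carries trailing whitespace, so the check reads as if it belonged to an outer scope. The same applies to `CHECK_NULL_RETURN_MEMERR(*np);` in the hunk at -5354, where it sits at two spaces directly under an unbraced `else` and can be misread as either part of that `else` or outside the enclosing `if`. Re-indenting both lines to match their neighbours, and bracing the `if`/`else` in the second case, would make the control flow unambiguous. Both enclosing blocks begin outside their hunks.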
@@ -1522,6 +1526,7 @@
 node_new_str_raw(UChar* s, UChar* end)
 {
   Node* node = node_new_str(s, end);
+  CHECK_NULL_RETURN(node);
   NSTRING_SET_RAW(node);
   return node;
 }
@@ -1551,6 +1556,7 @@
     p = onigenc_get_prev_char_head(enc, sn->s, sn->end);
     if (p && p > sn->s) { /* can be splitted. */
       n = node_new_str(p, sn->end);
+      CHECK_NULL_RETURN(n);
       if ((sn->flag & NSTR_RAW) != 0)
        NSTRING_SET_RAW(n);
       sn->end = (UChar* )p;
@@ -4785,6 +4791,9 @@
       QtfrNode* qnt   = NQTFR(target);
       int nestq_num   = popular_quantifier_num(qn);
       int targetq_num = popular_quantifier_num(qnt);
+      if (nestq_num < 0 || targetq_num < 0) {
+        return ONIGERR_TYPE_BUG;
+      }
 
 #ifdef USE_WARNING_REDUNDANT_NESTED_REPEAT_OPERATOR
       if (!IS_QUANTIFIER_BY_NUMBER(qn) && !IS_QUANTIFIER_BY_NUMBER(qnt) &&
@@ -5234,6 +5243,7 @@
             cc = NCCLASS(*np);
             NCCLASS_SET_SHARE(cc);
             new_key = (type_cclass_key* )xmalloc(sizeof(type_cclass_key));
+            CHECK_NULL_RETURN_MEMERR(new_key);
            xmemcpy(new_key, &key, sizeof(type_cclass_key));
             onig_st_add_direct(OnigTypeCClassTable, (st_data_t )(UINTN)new_key,
                                (st_data_t )(UINTN)*np);
@@ -5345,6 +5355,7 @@
 
   case TK_ANCHOR:
     *np = onig_node_new_anchor(tok->u.anchor);
+    CHECK_NULL_RETURN_MEMERR(*np);
     break;
 
   case TK_OP_REPEAT:
@@ -5354,6 +5365,7 @@
        return ONIGERR_TARGET_OF_REPEAT_OPERATOR_NOT_SPECIFIED;
       else
        *np = node_new_empty();
+  CHECK_NULL_RETURN_MEMERR(*np);
     }
     else {
       goto tk_byte;
@@ -5442,9 +5454,11 @@
   }
   else {
     *top  = node_new_list(node, NULL);
+    CHECK_NULL_RETURN_MEMERR(*top);
     headp = &(NCDR(*top));
     while (r != TK_EOT && r != term && r != TK_ALT) {
       r = parse_exp(&node, tok, term, src, end, env);
+      CHECK_NULL_RETURN_MEMERR(node);
       if (r < 0) return r;
 
       if (NTYPE(node) == NT_LIST) {
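Review bot: Inside the loop, `CHECK_NULL_RETURN_MEMERR(node);` runs before `if (r < 0) return r;`, so whenever `parse_exp` fails and leaves `node` NULL the function reports a memory error instead of the real error code. If `parse_exp` clears its output on entry, as seems likely, every syntax error reached through this path would be misreported as out-of-memory. Swapping the two lines preserves the original diagnostics: `if (r < 0) return r;` then `CHECK_NULL_RETURN_MEMERR(node);`. `parse_exp` and the rest of this function are outside the hunk.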
@@ -5482,6 +5496,7 @@
   }
   else if (r == TK_ALT) {
     *top  = onig_node_new_alt(node, NULL);
+    CHECK_NULL_RETURN_MEMERR(*top);
     headp = &(NCDR(*top));
     while (r == TK_ALT) {
       r = fetch_token(tok, src, end, env);

Modified: trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/st.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/st.c       
2015-12-15 06:00:10 UTC (rev 19270)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/st.c       
2015-12-15 08:40:55 UTC (rev 19271)
@@ -156,6 +156,7 @@
     size = new_size(size);     /* round up to prime number */
 
     tbl = alloc(st_table);
+    CHECK_NULL_RETURN(tbl);
     tbl->type = type;
     tbl->num_entries = 0;
     tbl->num_bins = size;
@@ -267,6 +268,9 @@
     }\
     \
     entry = alloc(st_table_entry);\
+    if (entry == NULL) {\
+      break;\
+    }\
     \
     entry->hash = hash_val;\
     entry->key = key;\
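Review bot: The `break` added inside this macro silently drops the insertion when `alloc(st_table_entry)` fails. What it breaks out of depends on a wrapper that is outside the hunk: a `do { ... } while (0)` would make it leave only the macro, but without one it would act on a loop or switch at the expansion site. Either way the callers get no failure signal. `add_str`'s `result = onig_st_insert(...)` in regparse.c (hunk at -380) would then presumably report success while the freshly allocated key is neither stored nor freed. Consider making the failure visible to the functions that expand the macro, for example by testing `entry` after the expansion and returning an error, and adding a comment on the macro that documents the `break`. The macro header and its users are outside the hunk.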
@@ -321,6 +325,9 @@
 
     new_num_bins = new_size(old_num_bins+1);
     new_bins = (st_table_entry**)Calloc(new_num_bins, sizeof(st_table_entry*));
+    if (new_bins == NULL) {
+      return;
+    }
 
     for(i = 0; i < old_num_bins; i++) {
        ptr = table->bins[i];

Modified: 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c
===================================================================
--- 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c   
    2015-12-15 06:00:10 UTC (rev 19270)
+++ 
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.c   
    2015-12-15 08:40:55 UTC (rev 19271)
@@ -130,6 +130,10 @@
   //
   Start = (OnigUChar*)String;
   Region = onig_region_new ();
+  if (Region == NULL) {
+    onig_free (OnigRegex);
+    return EFI_OUT_OF_RESOURCES;
+  }
   OnigResult = onig_search (
                  OnigRegex,
                  Start,

